Business through Mobile Phone initiated Near Field Communication

Business through Mobile Phone initiated Near Field Communication Josef Noll 1, Juan Carlos Lopez Calvet, Telenor R&D,, N-1331 Fornebu josef@unik.no, juan.calvet@telenor.com 1 from 1.6.2005 Prof. stip. University Graduate Studies (UniK) N-2027 Kjeller Josef Noll, 11.5.2005 RFID & NFC 1

Need for an identifier Real world: see and/or talk Voice Face Virtual world: email, web Username, passwd SIM PKI Service world (between providers) Identity management Service level agreement (SLA) Trust relation Josef Noll, 11.5.2005 RFID & NFC 2

RFID communication modes RFID tag: - microchip attached to an antenna - sends signals to a reader. - contains a unique serial number, but may have other information, such as a customers' account number. Reader (passiv RFID): - Inductor to create electromagnetic field in tag - Receiver for radio response from tag (ROM-value: up to 600 bytes, typical 64-128 bits Inductive Coupling Propagation Coupling Aktive (own power) Range: ad lib (no limit) Passive (inductive) Range: from mm to some metres Josef Noll, 11.5.2005 RFID & NFC 3 Source: Tor Hjalmar Johannessen, Telenor

Potential Security Problems 1. Authentication: Cloning theft of RFID 2. Confidentiality Uncontrolled surveillance Security problem 1: RFID is easy to clone WARNING - hide a reader in a lift door, a chair, or other places you come close Read response and programme a separate tag with same RFID id. The user can t know where reading took place. Difficult to trace later on Security problem 2: Uncontrolled Surveillance -With hidden tags in clothes, money, credit card the user has no longer control when/where/how he can be detected. Organisations are active to stop RFID. Ref: www.stop-rfid.org Potential restrictions on the way in the USA. WARNING Josef Noll, 11.5.2005 RFID & NFC 4 Source: Tor Hjalmar Johannessen, Telenor

The Mobile Takes It All SIM with RFID & PKI Josef Noll, 11.5.2005 RFID & NFC 5

Seamless authentication Service access Physical access VPN Home access,.mp3,.jpg Josef Noll, 11.5.2005 RFID & NFC 6

Telenor s potential in RFID/NFC Authentication provision for service providers, e.g. Oslo Sporveier, Filmweb, SAS Braathens, Tickets and admittance (aircraft boarding) can be provided through SMS Physical access to buildings from mobile phone. Examples: Public Buildings, Building blocks, Company We have contacts to he Police in Asker/Bærum, to the Fornebu Eiendomsutvikling, and Telenor Eiendom VPN access to intranet information Replace the smartcard with the info you have on the phone (information exchange between phone and PC) Seamless access to digital content at home based on GSM authentication (not RFID) Josef Noll, 11.5.2005 RFID & NFC 7

Advantages of a RFID/SIM card Potentially every GSM mobile phone could adopt the technology Security concerns could be improved by having control of the RFID tag behaviour through the SIM card by blocking/opening the card Use the PKI infrastructure and the already established services (mcommerce) behind the SIM card GSM GPRS RFID System Marketing Mobil Handel Access Control INTERNET Personal ID Localization Josef Noll, 11.5.2005 RFID & NFC 8

Security Requirement Four-in-one: Your mobile integrates them all Have to know Need to know Nice to know Examples: mhandel, VPN Intranet, email, Admittance Network access & * * RFID & SIM passwd & RFID, SIM & PKI *& RFID (& SIM) Josef Noll, 11.5.2005 RFID & NFC 9 *Patent pending

Josef Noll, 11.5.2005 RFID & NFC 10

RFID payment usage coffee machines in Telenor R&D RFID card in 2005 Tests in OSL and Arlanda RFID cards Think Planned Q4.2005, Univ. Tromsø (N) Payment on coffee machine Payment Entrance to door B6e Entrance Josef Noll, 11.5.2005 RFID & NFC 11 Electronic access (VPN) - Telenor

Timeline: Phone with RFID & PKI SIM card with integrated RFID Prototypes available from: Giesecke & Devrient: demonstrated on Siemens phones Gemplus: both on one chip, (terminated) NFC Near Field Communication (NFC) Standardisation of Philips, Nokia, Sony, Phones with RFID chip Phone status: Nokia: on stock, Siemens: prototypes Josef Noll, 11.5.2005 RFID & NFC 12

Near Field Communication (NFC) is a touchbased RFID technology Technology NFC works in the globally available 13.56 MHz band The effective working distance is up to a few centimeters Based on ISO 18092 including ISO14443A MiFare and FeliCa standards, ie compatible with the most broadly established smart card infrastructure covering >80% of the market Tags Devices Tags in smart objects are powered by the radio signal of the reader, and do not require any battery or other source of power The tags contain some memory that can store URLs, SMS and similar information Costs currently a few ten EUR cents and decreasing rapidly Devices do not contain tags, but can communicate using the same interface Devices can not only read tags, but also write to enabled tags Josef Noll, 11.5.2005 RFID & NFC 13 Sources: Nokia, Froster & Sullivan; Forrester

Near field communication (NFC) Based on RFID technology at 13.56 MHz Typical operating distance 10 cm Compatible with RFID Data rate today up to 424 kbit/s Philips and Sony ECMA-340, ISO/IEC 18092 & ECMA-352, standards Powered and non-self powered devices Josef Noll, 11.5.2005 RFID & NFC 14

NFC near field communication in praxis [copyright: www.nfc-forum.org] - Example: streaming DRM Josef Noll, 11.5.2005 RFID & NFC 15

NFC near field communication in praxis [copyright: www.nfc-forum.org] - Example: travelling Josef Noll, 11.5.2005 RFID & NFC 16

NFC standardisation ECMA-340 Specifies the RF signal interface Initialisation, anticollision and protocols Communication mode selection mechanism ECMA 352 (v1, Dec 2003) Selects communication modes: NFC, PCD, and VCD Enables communication in that mode Josef Noll, 11.5.2005 RFID & NFC 17

NFCIP-2 Interface and protocol (ISO/IEC 21481) Interface Standards ECMA-340 Josef Noll, 11.5.2005 RFID & NFC 18 ISO/IEC 14443 PCD mode (MIFARE, FeliCa) ISO/IEC 15693 VCD mode (facility access)

ECMA: NFC work items & future plans Work items ECMA-356: RF interface tests for ECMA-340 devices ECMA-362: Protocol Test Methods Future working items A mapping of NFC to other communication protocols including the Internet Protocol (IP), GSM and Bluetooth Advanced Logical Link Control with addressing and segmentation support Support for Data Link and end-to-end security and key management Air-to-wired interface specification Application extensions in NFCIP-1 Power control as an example application extension Josef Noll, 11.5.2005 RFID & NFC 19

NFC changes the role of the mobile operator The mobile operator is the communication provider Everybody has a mobile phone People know that they can reach me and not my parents Companies have identified the value of personal phones and change their infrastructure The phone carries all my contacts Connected 24/7 (all the time, not just 4 h a day) From access to communication Provide communication: voice, SMS, MMS, IM, email,. Seamless login (wap.telenormobil.no) my email, last 10 visited Provide presence and community services Provide authentication and security Josef Noll, 11.5.2005 RFID & NFC 20

Conclusion: Security & Authentication The last time we were connected by a wire was at birth! [Motorola] Services are mobile: On various radio systems: GSM, UMTS; WLAN, Bluetooth, DVB, Device limitations: battery, integration Changed role of operator: Communication provider All services authenticated by/through your mobile Appropriate security for each application Josef Noll, 11.5.2005 RFID & NFC 21

Challenges and way forward Josef Noll, 11.5.2005 RFID & NFC 22

Security infrastructure Security depends on application Nice to know: WLAN network access Need to know: email, Intranett Have to know: VPN, (ecommerce) Higher level require more than just username & password http://www.openauthentication.org/ suggests 3 methods SIM authentication (GSM, EAP-SIM, ) Public Key Infrastructure (PKI) One-Time-Password (OTP) In-line with requirements from Norwegian government for esignature Depending on application: username & password or PKI The Mobile phone has all three: SIM, PKI, and OTP Challenge: Usability and exchange of credentials to my working devices Josef Noll, 11.5.2005 RFID & NFC 23

What is going on out there? Josef Noll, 11.5.2005 RFID & NFC 24

Users have three main areas of interest in proximity interaction Sharing experiences Sharing the rich content that we create every day with our friends and family Transferring our digital content between our own devices Information form about things they see Easily accessing digital services related to items that we see in our environment Simple access to on-line content from physical objects Simple and easy transactions Using a convenient, connected and secure way of paying Buying, storing and using tickets where ever, when ever * Depending on the availability of DRM that allow this Josef Noll, 11.5.2005 RFID & NFC 25

Touch to share a link or content The use case: With a touch, mobile terminals exchange web links or content A (BT) link is set up and the content transferred automatically Key benefits: Easy viral marketing of links Increased use of camera and MMS by enabling more content on phones Create a pattern of mobile as content hub Increased usability Josef Noll, 11.5.2005 RFID & NFC 26 Future opportunities: Can be easily extended to share

Touch to get services and content in store The use case: In-shop advertisements of content and services by use of tags in phone store In music stores ringtone ads next to albums, e.g., latest album from Beyoncé Key benefits: Operator revenue from data and content billing Usability: easy service discovery and access Josef Noll, 11.5.2005 RFID & NFC 27

Touch to pair devices The use case: Tagged headsets provide BT parameters when touched BT link setup and pairing automatically initiated from terminal Key benefits: Increased usability True out-of-the-box readiness for headsets Future opportunities: Any other BT enhancement, e.g. picture sharing with image frames, media viewers Josef Noll, 11.5.2005 RFID & NFC 28

Touch to subscribe to services The use case: Along with the monthly bill or promotional mail, users get tags for services on offer. By touching the tag, users can configure service settings or subscribe to mobile services (e.g. soccer news). Key benefits: New service advertising channel Operator revenue (data, service subscriptions) Superior user experience User education: recurrent reminder of available services Josef Noll, 11.5.2005 RFID & NFC 29